Hello
 
My authentification with login, password, SSID start with the “users” files of freeradius.
 
But now I would like use Ldap.
 
-----------
My slapd.conf :
 
include           /etc/openldap/schema/core.schema
include           /etc/openldap/schema/cosine.schema
include           /etc/openldap/schema/inetorgperson.schema
include           /etc/openldap/schema/nis.schema
include           /etc/openldap/schema/corba.schema
include           /etc/openldap/schema/dyngroup.schema
include           /etc/openldap/schema/java.schema
include           /etc/openldap/schema/misc.schema
include           /etc/openldap/schema/openldap.schema
include           /etc/openldap/schema/ppolicy.schema
include           /etc/openldap/schema/RADIUS-LDAPv3.schema
schemacheck on
 
 
# Allow LDAPv2 client connections.  This is NOT the default.
allow bind_v2
 
pidfile           /var/run/openldap/slapd.pid
argsfile    /var/run/openldap/slapd.args
 
database    bdb
suffix            "o=crt"
rootdn            "cn=adminlp,o=crt"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw          azerty
rootpw            {SSHA}vx07rOmgLvv4SSxzWfBbrjQy/B02ZxG3
 
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory   /var/lib/ldap
 
--------
Radius.conf
 
ldap {
            server = "127.0.0.1"
            identity = "cn=adminlp,o=crt"
            password = azerty
            basedn = "o=crt"
            filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(radiusVSA=%{Symbol-SSID}))"
           
            # ldap connections instead of using ldaps (port 689) connections
            start_tls = no
 
            # tls_cacertfile  = /path/to/cacert.pem
            # tls_cacertdir         = /path/to/ca/dir/
            # tls_certfile          = /path/to/radius.crt
            # tls_keyfile           = /path/to/radius.key
            # tls_randfile          = /path/to/rnd
            # tls_require_cert      = "demand"
 
            # default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
            # profile_attribute = "radiusProfileDn"
            ###access_attr = "dialupAccess"
 
            # Mapping of RADIUS dictionary attributes to LDAP
            # directory attributes.
            dictionary_mapping = ${raddbdir}/ldap.attrmap
 
            ldap_connections_number = 5
 
            #
            # NOTICE: The password_header directive is NOT case insensitive
            #
            # password_header = "{clear}"
            #
            # Set:
            #     password_attribute = nspmPassword
            #
            # to get the user's password from a Novell eDirectory
            # backend. This will work *only if* freeRADIUS is
            # configured to build with --with-edir option.
            #
            #
            #  The server can usually figure this out on itSymbol-SSIDs own, and pull
            #  the correct User-Password or NT-Password from the database.
            #
            #  Note that NT-Passwords MUST be stored as a 32-digit hex
            #  string, and MUST start off with "0x", such as:
            #
            #     0x000102030405060708090a0b0c0d0e0f
            #
            #  Without the leading "0x", NT-Passwords will not work.
            #  This goes for NT-Passwords stored in SQL, too.
            #
            # password_attribute = userPassword
            #
            # Un-comment the following to disable Novell eDirectory account
            # policy check and intruder detection. This will work *only if*
            # FreeRADIUS is configured to build with --with-edir option.
            #
            # edir_account_policy_check=no
            #
            # groupname_attribute = cn
            # groupmembership_filter = "(|(&(objectClass=GrSymbol-SSIDoupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
            # groupmembership_attribute = radiusGroupName
            timeout = 4
            timelimit = 3
            net_timeout = 1
            # compare_check_items = yes
            # do_xlat = yes
            # access_attr_used_for_allow = yes
      }
 
 
 
--------------------
 
Radius – X
 
             log.radius.txt
 
 


Faites de Yahoo! votre page d'accueil sur le web pour retrouver directement vos services préférés : vérifiez vos nouveaux mails, lancez vos recherches et suivez l'actualité en temps réel. Cliquez ici.


Faites de Yahoo! votre page d'accueil sur le web pour retrouver directement vos services préférés : vérifiez vos nouveaux mails, lancez vos recherches et suivez l'actualité en temps réel. Cliquez ici.